liz/PluralKit
liz/PluralKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(api): limit autoproxy member patch to own system

Browse Source
This commit is contained in:
spiral 2022-12-31 02:17:26 +00:00
parent f0aa48f00a
commit 5c0472eb95
No known key found for this signature in database
GPG Key ID: 244A11E4B0BCF40E
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PluralKit.API/Controllers/v2/AutoproxyControllerV2.cs
View File

@ -57,7 +57,11 @@ public class AutoproxyControllerV2: PKControllerBase
PKMember? member = null;
if (updateMember)
{
member = await ResolveMember(data.Value<string>("autoproxy_member"));
if (member != null && ContextFor(member) != LookupContext.ByOwner)
throw Errors.GenericMissingPermissions;
}
var patch = AutoproxyPatch.FromJson(data, member?.Id);